Grinex, a cryptocurrency exchange under U.S. sanctions and based in Kyrgyzstan, has announced it is ceasing operations following a significant cyber heist estimated at $13 million. The hacking incident, reportedly executed by “western special services” hackers, has raised alarms within the cryptocurrency community.
Blockchain analytics firm TRM confirmed the breach, estimating the total value of stolen assets at approximately $15 million. Researchers identified around 70 compromised addresses within the exchange, which is notably higher than the 54 addresses Grinex initially reported. However, the methods the attackers used to breach Grinex’s defenses remain undisclosed.
Grinex has claimed that it has faced persistent cyber attacks since its incorporation 16 months ago, with recent intrusions specifically targeting its Russian user base. In a statement, the exchange expressed concern regarding the sophistication of the attack, suggesting it involved advanced resources and technology likely available only to state-sponsored actors from hostile nations. Grinex alleges that the operation was intentionally designed to undermine Russia’s financial sovereignty.
In response to the breach, Grinex announced a temporary suspension of operations and has reported the incident to law enforcement agencies. They are urging the initiation of a criminal investigation into the infrastructure associated with the attack.
Further complicating matters, TRM reported that another Kyrgyzstani exchange, TokenSpot, was also compromised in the same wave of attacks. Two addresses linked to TokenSpot sent funds to a consolidation address that matched those impacted at Grinex. The simultaneous inoperability of both exchanges suggests that they were targeted by the same malicious actor.
TRM characterized TokenSpot as a front for Grinex, which had already been sanctioned by the U.S. Treasury Department last year. The Office of Foreign Assets Control had previously described Grinex as a rebranding of Garantex, an exchange sanctioned in 2022 for facilitating illicit transactions exceeding $100 million since 2019, including those related to ransomware actors and cybercriminal activities. Last year’s sanctions followed TRM’s assertion that Grinex was likely another front for Garantex.
